Hello! We at Five Colleges are using a fork of an older version of Setae and I'd like to get us back onto the main version in anticipation of Sunflower. The biggest point of difference is that we can have alphanumeric+ barcodes like 569427-10-UMA.

I've chosen to implement this as "take a string parameter and then validate with a regex" mainly because the barcode is passed directly to FOLIO as a query. This is fine when the barcode is limited to numbers but with strings someone could do something similar to a SQL injection like https://setae-api.library.edu/items/*) and (malicious query?format=json to get raw information out of FOLIO they might not otherwise have permissions to.

By default, if the regex environment variable is not set, it will maintain the existing behavior of only allowing an integer barcodes using a default \d+ regex.

I've tested this running the docker container locally.